Tesla’s Site And Twitter Account Hacked

Earlier today, Tesla’s Twitter account and website were taken over by some nefarious jokesters. Tesla Motors Inc.’s Twitter feed and its media-relations e-mail account were hacked Saturday, with the electric-car maker led by billionaire Elon Musk becoming the latest victim of online vandals.The first signs of the hijacking popped up around 1:52 P.M. pacific, when a tweet from the account declared that it was now under the control of its attackers, and the account’s name was changed from “Tesla Motors” to “#RIPPRGANG”. Around 5 PM ET, a strange tweet popped up on the company’s official Twitter account, suggesting the company was no longer in control of what was being posted.

The hacker or hackers who compromised Tesla’s Twitter feed were able to post messages to the Palo Alto, California-based company’s more than 564,000 followers, and one of the attackers responded to an e-mail message to Tesla’s press contact, indicating that account was compromised, too. “It’s not been hacked sir,” the person wrote from a Gmail account, identifying him or herself as a “tesla press representative” using a name that’s been linked to earlier attacks on other companies. Over about a 10-minute period, the hacker sent out 11 tweets, mostly tagging other people and advertising a “free Tesla” if people called a number that routes to a computer repair shop in Oswego, Ill.

They often occur when people managing the account fail to turn on so-called two-factor authentication, which involves entering a code sent via text message to the owner’s phone, in addition to a password. At any rate the Tesla IT people must have scrambled, because the website and the Twitter account were back to normal in about 30 minutes, as far as we can tell. Its Twitter account, meanwhile, still seems to be hijacked. (We’ve avoided linking directly to any of the hacked sites in the off chance that the sites themselves were made to compromise the user’s security.) It’s not unusual for a high-profile Twitter account to get hijacked — many of the most followed accounts in the world have fallen at one time or another. It’s unclear if the hack compromised the security of Tesla’s own servers, or if the site hijacking is a result of something like DNS/domain redirection.